Which Network TAP for me?
Getting data from your network and into your monitoring and security tools is just as important as the tools themselves. It can also be one of the most challenging tasks.
Network taps are one of today’s best methods for creating permanent in-line monitoring ports for your packet analysers, intrusion detection systems, data retention compliance devices and other analytic network tools. To accomplish this, taps are inserted between network devices, where they copy data continuously, 24/7, without compromising network integrity.
In short, taps are:
- Non-intrusive and do not affect network performance
- Fault-tolerant to ensure seamless monitoring and zero downtime
- Invisible to the network for maximum security
- Able to pass all traffic on both sides of full duplex links
Helping you to:
- Get better data than with SPAN - see this useful pdf Tap vs SPAN
- Conserve SPAN ports and reduce switch performance degradation due to mirroring
- Gain complete visibility of all intact and error frames alike and even suspicious traffic
- Ensure network monitoring & recording tools receive all the required data
- Reduce costs as you no longer need to buy expensive monitoring tools for every important network segment
- Monitor 10Gig links with 1Gig tools
It is essential to select the right network tap/aggregator for your requirements. You need to match the tap to the topology of your network and the task you want it to perform.
Network taps are available in both copper and fibre media types and can connect at speeds up to 100G.
We supply Datacom Systems' full range of Network Taps/Aggregators. For more information on the different types of taps available, read on. Or just give us a call or email and our engineers can advise you.
Copper Taps
Copper taps do not split the network signal; they regenerate it. Regenerating the network signal means the signal gets amplified to a level where it can be received by the network devices connected to the tap. Standard copper taps start at £495.
To regenerate the network signal, copper taps must have power. When the tap is powered, the electrical signal passes through an open bypass circuit to an area of the board where the signal is regenerated and directed. Copper taps come with dual redundant power supplies and some support Power over Ethernet (PoE).
If power is not available to the tap, the bypass circuit closes, and the signal gets transmitted directly to the receiving network device. An active tap uses a relay-based failover system for power fault tolerance. With active taps, when power is lost to the tap, relays re-establish the link, which causes a 600-microsecond delay. This delay may cause auto-negotiation to take place and spanning tree to recalculate. To overcome this, auto-negotiation should be hard set to the desired speed and spanning tree for those ports set to portfast. When set up in this manner, if one of our active taps loses power, it will typically make no noticeable impact on your network.
Link Aggregation
In addition to the many considerations made when selecting the right network tap for your network environment, you may also need to determine whether or not you need or could benefit from a link aggregation tap. Link Aggregation taps start from £910.
For monitoring devices that do not have two separate NICs to act as monitor cards and cannot receive and combine full-duplex data, you may want to consider deploying a link aggregation tap to leverage your existing network device.
A link aggregation tap receives both sides of a full-duplex conversation, aggregates the data and sends a complete copy of the full data stream to the monitor card of the attached device. Like our network taps, our link aggregation taps come in multiple variations of media types for both tap and network ports. Like a SPAN port in a single box!
Fibre Taps
When deploying a fibre tap, there are two main items to consider - the tap's split ratio and the tap's light source. A fibre tap's split ratio is mainly determined by the tap's receiver sensitivity, its transmitter strength, and cabling. Fibre Taps start from £550.
Each time an optical link is tapped, the link suffers from insertion loss. With each new access port that is created on a fibre link, more light gets "tapped out" of the network. This degrades the network signal. In other words, the more "light" a fibre network is able to transmit, the better. Therefore, when deploying a fibre tap, you should choose a tap with the highest split ratio that will provide the adequate amount of light to the connected monitoring device.
Fibre taps are completely passive and non-powered.
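The split-ratio trade-off described above, worked as an optical power budget for one direction of a tapped link. This is an added example, not vendor code: the function names are hypothetical, and the transmit power, path losses, receiver sensitivities, 0.5 dB excess loss and 2 dB margin are constructed assumptions to be replaced with figures from your own optics and cabling.

```python
import math

# Common network/monitor split ratios, in percent of light per leg.
RATIOS = ((50, 50), (60, 40), (70, 30), (80, 20), (90, 10))

def split_loss_db(percent):
    """Ideal loss on a splitter leg that carries `percent` of the light."""
    return -10.0 * math.log10(percent / 100.0)

def leg_margin_db(tx_dbm, path_loss_db, percent, rx_sens_dbm, excess_db):
    """Received power minus receiver sensitivity for one leg of the tap."""
    rx_dbm = tx_dbm - path_loss_db - excess_db - split_loss_db(percent)
    return rx_dbm - rx_sens_dbm

def budget_table(tx_dbm, net_loss_db, net_sens_dbm,
                 mon_loss_db, mon_sens_dbm, excess_db=0.5):
    """Margin on the network and monitor legs for every candidate ratio."""
    rows = []
    for net_pct, mon_pct in RATIOS:
        rows.append({
            "ratio": (net_pct, mon_pct),
            "net_margin": leg_margin_db(tx_dbm, net_loss_db, net_pct,
                                        net_sens_dbm, excess_db),
            "mon_margin": leg_margin_db(tx_dbm, mon_loss_db, mon_pct,
                                        mon_sens_dbm, excess_db),
        })
    return rows

def choose_split_ratio(rows, min_margin_db=2.0):
    """Highest network share whose two legs both keep the required margin."""
    ok = [r for r in rows
          if r["net_margin"] >= min_margin_db
          and r["mon_margin"] >= min_margin_db]
    return max(ok, key=lambda r: r["ratio"][0])["ratio"] if ok else None

# Constructed sample links: every dB/dBm figure here is an assumption.
STRONG = budget_table(tx_dbm=-5.0, net_loss_db=3.0, net_sens_dbm=-17.0,
                      mon_loss_db=1.5, mon_sens_dbm=-17.0)
WEAK = budget_table(tx_dbm=-9.5, net_loss_db=3.0, net_sens_dbm=-17.0,
                    mon_loss_db=1.5, mon_sens_dbm=-17.0)

if __name__ == "__main__":
    for name, rows in (("strong", STRONG), ("weak", WEAK)):
        for r in rows:
            print(name, r["ratio"],
                  round(r["net_margin"], 2), round(r["mon_margin"], 2))
        print(name, "->", choose_split_ratio(rows))
```

On the weak link no ratio leaves enough light for both the far-end receiver and the monitoring tool, which is the case where tapping the fibre would either blind the tool or degrade the production link.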
Regeneration/VersaStream/Filtering Taps
In some cases, you may want or need to connect several devices to the same link.
If this is the case, you may want to consider a regeneration tap or a VersaStream Tap. Regeneration taps have multiple monitoring ports, so multiple network tools can gain in-line access to the same network segment.
VersaStream multi-link aggregators provide a solution for monitoring multi-link EtherChannel and asymmetric network segments. They provide the ability to monitor multiple SPAN ports simultaneously, aggregating the data and sending a single copy to several connected network devices.
Regeneration taps start from £2,250.
A great feature of many taps is TCP Resets!
Most network taps (with the exception of standard taps) provide additional security features. The most common among these is an active response mechanism called a TCP Reset. A TCP Reset is a signal that is sent out to a device to terminate its TCP session.
A bi-directional port can send out or pass TCP resets into live network links. A TCP reset allows an active network intrusion detection system to terminate an undesired network session. TCP resets are commonly used if and when denial of service attacks take place or any unwanted traffic ties up the link.
Our network taps and link aggregation taps come in a variety of models that offer TCP reset functionality. They also offer the ability to “talk out” on to the network to further assist communication with other monitoring devices like Allegro Packets.